APAR status
Closed as new function.
Error description
Third-party cookies may fail to work once Chrome phases out support for them. A new cookie attribute has been created that places them in the browser's "partitioned" storage and allows them to be used in cross-site requests (with restrictions). See links for more information.
Local fix
Problem summary
****************************************************************
* USERS AFFECTED: All IBM WebSphere Application Server and     *
*                 Liberty                                      *
****************************************************************
* PROBLEM DESCRIPTION: WebSphere Application Server does not   *
*                      support the Partitioned cookie          *
*                      attribute.                              *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************

Chrome has deprecated third-party cookies and plans to phase them out in early 2025 (tentative). Rather than block all third-party cookies, Chrome now supports a new attribute called "Partitioned" which will allow these cookies in some cross-site scenarios to prevent sites from breaking entirely.

More information and examples can be found here:
- https://developers.google.com/privacy-sandbox/3pcd/chips
- https://developer.mozilla.org/en-US/docs/Web/Privacy/Privacy_sandbox/Partitioned_cookies
- https://developers.google.com/privacy-sandbox

Note: Partitioned only applies if the cookie is also marked as SameSite=None
Problem conclusion
WebSphere Application Server was updated to support the Partitioned attribute through three new properties. They accept only true or false. By default, cookies do not have the Partitioned attribute. When true is specified and the cookie has the SameSite=None attribute, Partitioned is also added. These properties work much like the SameSite configuration (https://www.ibm.com/support/pages/apar/PH22157).

>> Channel Config (Applies to all outgoing Cookies)
Property Name: sameSitePartitioned
Value: true or false
Location: WebSphere application servers > server_name. Under Web Container Settings, click Web container transport chains > chain_name > HTTP inbound channel > Custom properties
Additional Information: The HTTP Channel has been updated to recognize Partitioned as a valid attribute, so it can be set via the HttpServletResponse#setHeader and HttpServletResponse#addHeader method calls when setting Cookie headers.

>> Security Cookie Config
Property Name: com.ibm.websphere.security.addPartitionedAttributeToCookie
Value: true or false
Location: Security > Global security > Custom properties.

>> Session Cookie Config
Property Name: CookiePartitioned
Value: true or false
Location: Servers > Server Types > WebSphere application servers > server_name > Session management

It is important to note that the session and security properties take precedence over the channel configuration, much like the SameSite configuration. For example, if session's CookiePartitioned is false, but channel's sameSiteNone is all and channel's sameSitePartitioned is true, then the session cookie will not be partitioned.

The fix for this APAR is targeted for inclusion in fix packs 8.5.5.26, 9.0.5.20, and Liberty 24.0.0.7 (tentative).

The GitHub epic for Liberty can be found here: https://github.com/OpenLiberty/open-liberty/issues/27405

Instructions for configuring Liberty and other information regarding partitioning will be linked here later once the blog post is published.
For more information, see 'Recommended Updates for WebSphere Application Server': https://www.ibm.com/support/pages/node/715553
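After enabling the properties above, the Set-Cookie headers a server actually sends can be checked against the rule that Partitioned only applies together with SameSite=None. The following Python check is an added example, not IBM code; the function names and the sample headers (including the cookie names and values) are constructed for illustration, and the Secure check reflects the CHIPS documentation linked above rather than anything stated in this APAR.

```python
# Added example: audit Set-Cookie header values for consistent use of Partitioned.

def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, {lowercased attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs

def audit_cookie(header):
    """Return a list of findings for one Set-Cookie header value."""
    name, attrs = parse_set_cookie(header)
    samesite_none = attrs.get("samesite", "").lower() == "none"
    partitioned = "partitioned" in attrs
    findings = []
    # APAR note: Partitioned only applies if the cookie is also SameSite=None.
    if partitioned and not samesite_none:
        findings.append(f"{name}: Partitioned without SameSite=None")
    # Requirement from the linked CHIPS documentation, not from this APAR.
    if partitioned and "secure" not in attrs:
        findings.append(f"{name}: Partitioned without Secure")
    # Cross-site cookie that the partitioned properties did not reach.
    if samesite_none and not partitioned:
        findings.append(f"{name}: SameSite=None but not Partitioned")
    return findings

def audit_all(headers):
    """Audit every header value and flatten the findings into one list."""
    return [finding for h in headers for finding in audit_cookie(h)]

# Constructed sample headers (values are placeholders, not captured traffic).
SAMPLE_HEADERS = [
    "JSESSIONID=0000abc; Path=/; Secure; HttpOnly; SameSite=None; Partitioned",
    "LtpaToken2=xyz; Path=/; Secure; HttpOnly; SameSite=None",
    "pref=dark; Path=/; Secure; SameSite=Lax; Partitioned",
    "local=1; Path=/; SameSite=Strict",
]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_HEADERS):
        print(finding)
```

A security or session cookie that shows up as "SameSite=None but not Partitioned" while sameSitePartitioned is true on the channel is consistent with the precedence rule described above: the more specific property is overriding the channel setting.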
Temporary fix
Comments
APAR Information
APAR number
PH61176
Reported component name
WEBSPHERE APP S
Reported component ID
5724J0800
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2024-05-01
Closed date
2024-06-05
Last modified date
2024-06-05
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE APP S
Fixed component ID
5724J0800
Applicable component levels
Document Information
Modified date:
05 June 2024